PT-2011-1348 · Pentaho · Pentaho Bi Server

Published

2011-09-13

Updated

2018-10-10

CVE-2009-5099

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pentaho BI Server versions 1.7.0.1062 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the outputType parameter.

Recommendations For versions 1.7.0.1062 and earlier, avoid using the outputType parameter in affected API endpoints until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-5099

Affected Products

Pentaho Bi Server

PT-2011-1348 · Pentaho · Pentaho Bi Server

CVE-2009-5099

Weakness Enumeration

Related Identifiers

Affected Products

References · 6